Tuesday, September 10, 2024
HomeComputer SecurityHackers using HawkEye Keylogging Malware to Attack Enterprise Networks to Steal Application...

Hackers using HawkEye Keylogging Malware to Attack Enterprise Networks to Steal Application Data

Published on

Hackers behind the new HawkEye malware campaign targets business users to infect them with advanced keylogging malware that could download additional malware on the infected devices.

The HawkEye malware is capable of stealing information from the affected devices, it act’s as a loader and also the malware fetches other malware to the device.

X-Force observed the campaign between April and May 2019; it primarily targets the following industries that include transportation and logistics, healthcare, import and export, marketing, agriculture, and others.

- Advertisement - EHA

The malware was active since 2013, and cybercriminals circulate it in hacking forums, the information stealer malware kit HawkEye Reborn v9 and it is heavily obfuscated.

HawkEye Malware Targets Business Users

The campaign is financially motivated, “X-Force researchers can note that the operators behind the campaign are targeting business users” because at business places attackers can exfiltrate more data and larger bank accounts.

With this current malspam campaign, the message poses to be from a large bank in Spain, it appears the threat actors targeting users from Spain.

The spam Email appears to be originated from Spain bank carries a zip which contains a .lnk file(a fake incoide image), once the image opened the malware will get triggered and leverage the PowerShell to establish a connection with attacker’s C2 server and drops additional payloads.

HawkEye Malware Functions

  • Email password stealing
  • Web browser password stealing
  • Keylogging and taking screenshots
  • Bitcoin wallet theft
  • USB propagation
  • Internet download manager stealing
  • JDownloader password stealing
  • Anti-virus checking
  • Firewall checking

According to X-Force report, the spam campaign targets all around the globe, “Samples we checked reached users in Spain, the US, and the United Arab Emirates for HawkEye Reborn v9. HawkEye v8 focused on targeting users in Spain.”

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chinese Hackers Using Open Source Tools To Launch Cyber Attacks

Three Chinese state-backed threat groups, APT10, GALLIUM, and Stately Taurus, have repeatedly employed a...

Small Business, Big Threats: INE Security Launches Initiative to Train SMBs to Close a Critical Skills Gap

As cyber threats grow, small to medium-sized businesses (SMBs) are disproportionately targeted. According to...

Researchers Details Attacks On Air-Gaps Computers To Steal Data

The air-gap data protection method isolates local networks from the internet to mitigate cyber...

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

In August 2024, researchers detected a malicious Google Chrome browser infection that led to...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Researchers Details Attacks On Air-Gaps Computers To Steal Data

The air-gap data protection method isolates local networks from the internet to mitigate cyber...

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

In August 2024, researchers detected a malicious Google Chrome browser infection that led to...

CISA Issues Warning About Three Actively Exploited Vulnerabilities in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three...